07/26/2018

Focusing on What Really Matters in Cybersecurity

The conversation around cybersecurity is incredibly crowded right now. As a result of all that noise, there is a troubling lack of consensus about how to protect small businesses and major companies alike.

Companies are responding to new types of attacks that target different types of data and applications. The attacks push them to seek out new security solutions, new vendors, and new strategies on a regular basis. As if that weren’t difficult enough, they are also trying to keep cybersecurity costs in check.

This is a challenge even for a single organization, and now that mergers and acquisitions are heating up, companies must also explore how to combine the cybersecurity of two companies without creating gaps or redundancies.

What all this noise means is that a number of stakeholders are invested in cybersecurity, but their priorities could be in conflict. It is essential to respect all of their concerns, or else cybersecurity will never be effective. For the same reason, companies must cut through the noise and find a single voice to lead their efforts.

Focusing on the Weakest Link

Considering how complex the current cybersecurity landscape is, it seems impossible to protect against every single threat. The cost and complexity are prohibitive, and extra investment doesn’t necessarily translate to stronger security. The better strategy is to focus on resources that strengthen the weakest link in most organizations: the email inbox.

Email is used all day, every day. The average email inbox is filled with sensitive information. Most users don’t realize that email is not delivered directly from the sender to the receiver. It actually makes, on average, 22 stops along the way; at each of those stops, the message is vulnerable to theft or corruption.

Another critical issue facing companies large and small is that email is a minefield. The inbox is targeted by malware, ransomware, phishing, business email compromise, and other email attacks. For an attack to succeed, all the hackers have to do is trick one user into clicking on a malicious link, opening a malicious attachment, or believing the email is from a valid sender.

Email is the number one attack vector. This fact can get lost in the noise, but it’s something companies must understand loud and clear moving forward.

Protecting the Inbox From All Angles

Deciding to focus on the inbox is just the first step. The next step is to select the right security tools, and once every stakeholder gets involved, that conversation can get very noisy, too. Companies must prioritize a certain set of tools and then ensure those tools have the features and capabilities that are needed to keep email secure and business flowing. We recommend a three-pronged approach:

1. Encryption That Is Intuitive and Customizable: Email encryption ensures that sensitive information is accessible only to authorized parties. Unfortunately, many of the encryption solutions on the market are confusing and cumbersome to use. Worse, they can’t be customized to fit business and end-user needs. Encryption is important, but an easy-to-use solution is critical to making security work for you rather than against you.

2. Filtering That Knows Good From Bad: Email filtering is a standard tool for keeping out malicious emails. Unfortunately, when those filters rely on static threat definitions, they often mistakenly block good emails while missing new threats that haven’t been defined yet. Comprehensive filtering must rely on multiple layers that are regularly updated on the basis of the latest threat intelligence. Plus, it should apply those filters to both incoming and outgoing emails so that companies don’t unwittingly become a vehicle for an attack.

3. Archiving That Understands All Communications: Archiving emails is a standard part of regulatory compliance. But all kinds of different digital communications — texts, social media posts, video conferences, etc. — now fall under the regulatory umbrella yet don’t get captured by average archiving tools. In order to avoid fines while also making compliance management easier, companies should look for solutions that archive any communication automatically.

Cutting through the noise doesn’t mean shutting people out of the conversation. Rather, it means letting some voices rise above the rest. Everyone may have something to contribute, but cybersecurity is not about consensus. It’s about providing the highest level of security with the greatest degree of certainty.